elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-21 21:17:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

IMP(5.1.8): allow more restrictive permissions (#59)

Browse Source 
fix #52

Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
This commit is contained in:
Thibault Ayanides 2021-02-17 11:40:31 +01:00 committed by GitHub
parent 1a7dd5893a
commit 6ab1cab3ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bin/hardening/5.1.8_cron_users.sh
View File

@ -20,6 +20,7 @@ DESCRIPTION="Restrict at/cron to authorized users."
FILES_ABSENT='/etc/cron.deny /etc/at.deny'
FILES_PRESENT='/etc/cron.allow /etc/at.allow'
PERMISSIONS='644'
PERMISSIONSOK='644 640 600 440 400'
USER='root'
GROUP='root'
@ -44,7 +45,7 @@ audit() {
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions"
else
@ -78,7 +79,7 @@ apply() {
warn "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE"
fi
has_file_correct_permissions "$FILE" "$PERMISSIONS"
has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions"
else